Playing around with OpenWRT and WireGuard, it would be nice to have an "export-WG-Config"-button for the whole interface and the peer as well.
Also I would like to see the possibility to only input the WG-private-key while creating a new interface, because the OpenWRT-config-backup only holds the private key in "network" too. (I know that I can recreate the pubkey in the console any time...)
You mean the config contained here?
/etc/config/network
Also, since there's a long discussions on the confusion "WG config backups" have caused, you are aware of the current QR copy/backup functionality, correct?
(Users have different interpretations of what should be backed up and if the private key should ever leave the device upon which it was created - except to completely transfer the config. The latter exception caused further confusion too.) 
This is possible.
Not really, is this another app? I am only using luci-proto-wireguard and want to backup the whole interface, not only the peer.
You don't need the public key of your exported interface config, you have the private key. This raises the question of the purpose of the backup feature you're requesting.
I was asking- because the full Wireguard configuration is contained at:
You can obtain a textual backup any of your configurations from LuCI backup/flash firmware page - so why would a separate button for one specific protocol be necessary?
I didn't notice it (clarification) in your screenshot - it's not a per-peer feature the export is in thr peer section.
As I recall - this export would fit the use case of transferring the remote configuration of one peer, as like moving your VPN service test config from router to a phone.
Which raises a question, do you want a backup of a specific peer of an interface, or all peers?
Perhaps a selector?
(Recall my comment about different ideas of a WG backup feature?)
The purpose is to "move" some Privacy-VPN-WG-tunnels from one OpenWRT to another.
The idea is that I only want to "copy" the complete WireGuard interface, nothing else. And I want to "restore" that interface via LuCi. Do you suggest to edit the network config instead? While this probably would work, it is not doable in LuCi I think.
So I still would like to see an export button next to the import button and not to make the public key mandatory in LuCi.
1 Like
- Then you will need a feature request completed - to export the config in Wireguard file syntax
- To be clear, this request also includes WG interfaces with multiple peers, correct?
- Do you need routing details too?
- There are apps to allow file and command access in LuCI
- Given there's luci-proto-wireguard, I assume you mean "restoring" via some non-manual means?
Sounds good.
While we are at it, why not.
Any recommendations? In a VM, I can't use the console with copy and paste.
I mean by uploading the WireGuard-config via the browser. That already exists, only the export is missing.
Because I don't think Wireguard keeps track of that routing - but you may need that on the 'imported' device (hence my inquiry about /etc/config/network).
- You can't use copy/paste in most consoles
- Again, there's apps to access the console - are you asking for specific package names?
- or SSH (built-in already)
Since you prefer this textual access via web GUI - no good recommendations aside from known apps.
(You also mentioned the restore function - but I digress.)
I'm not sure how one restores a currently nonexistent [Wireguard] interface. That will likely have to be written by a developer as well (simply using the network config mitigates the need for that).
- Yea, export from OpenWrt in Wireguard syntax
- Just to re-import into OpenWrt, but not using the network config
Cool - I think that's clear. Thanks for clarifying.
1 Like